Iris values the confidentiality and integrity of your personal data. Therefore, we will process your data carefully and only use it for specific purposes and in accordance with applicable data protection regulations.
In this privacy statement we provide a detailed description of how we handle your personal data.
Data controller
Iris Group NV (hereinafter referred to as “Iris”, “we” and/or “us”) with company number BE 0418.161.060, based in Bazellaan 5, 1140 Brussel is responsible for processing your personal data.
Iris Group is the parent company of Iris Facility Solutions, Iris Industry Solutions, Alcyon, Alcyon Dienstencheques, Technical Building Services and Iris Greencare.
What personal data we collect?
Below we provide per category of data subjects detailed information about what personal data we collect, for which purposes and under which legal basis, as well as information about the retention periods:
Who can access your personal data?
Access to your data is limited to only authorized persons within Iris who need this information to perform their functions.
In addition, to the extent necessary or appropriate, we may share your personal data with:
- our branches / other entities of the Iris Group
- our business partners
- government services (including judicial and police services)
- banks and insurers
- our professional advisors (e.g. law firms and consultancy firms)
- suppliers of IT related services
- other service providers that we appoint as data processors
We will impose appropriate contractual, confidentiality, security and other obligations on these third parties. The obligations imposed correspond to the nature of the services they provide to us. We will only allow them to process your personal data in accordance with the law and on our instructions. We do not allow them to use your personal data for their own purposes and if our relationship ends we will ensure that your personal data is returned and/or destroyed securely.
Some of these third parties are themselves data controllers who are responsible for processing your personal data for their own purposes, for example insurers or governments. In these cases, we are unable to impose any obligations or restrictions on these controllers as to how they may process your personal data.
International transfers
In general, your data will not be transferred to a destination outside the European Economic Area (EEA). If this would be the case, Iris will ensure that an adequate level of protection is guaranteed.
Certain countries outside the EEA are recognized by the European Commission for providing an adequate level of data protection. For transfers from EEA countries to countries that are not considered adequate by the European Commission, we take appropriate measures, such as setting up “standard contractual clauses” to guarantee an appropriate level of data protection.
What are your rights and how can you exercise them?
In accordance with data protection law, you have the right to:
- Make a Data Subject Access Request to access your personal Information at any time. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal Information that we hold about you. This enables you to have any incomplete or inaccurate personal information we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
- Request erasure / deletion / removal of your personal information. This enables you to ask us to delete or remove your personal information where we do not have a valid reason to continue to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Please Note: we may not always be able to comply with your request for erasure for specific legal reasons of which you will be informed, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on a legitimate interest (or that of a 3rd party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that overrides your rights and freedoms.
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to process it.
- Data Portability / Request the transfer of your personal information to you or to a 3rd party. For example to transfer it to another controller and, where technically feasible, to obtain the transfer of the data directly from one controller to another.
You can exercise the above stated rights by sending a written request by e-mail to gdpr@iris.be.
We will respond to your request as soon as possible, and in any case within one month of receiving your request. Depending on the complexity of the requests and the number of requests, that period may be extended by a further two months. We will inform you in that case.
You can exercise your rights free of charge unless your request is manifestly unfounded or excessive, in particular due to its repetitive nature. In such a case, we have the right and choice to charge you a reasonable fee (taking into account the administrative costs of providing the requested information and the costs associated with taking the requested measures or refuse to comply with your request).
Complaints in case of violation of the applicable rules regarding the protection of personal data can be addressed to the Data Protection Authority via contact@apd-gba.be
How do we protect your personal data?
Iris treats all your personal data confidentially and takes appropriate technical and organizational measures to protect your data against loss or unlawful processing.
To protect your personal data, we take various security measures including secure servers, firewalls, encryption and authentication tools, as well as physical protection of the locations where personal data is stored.
If you, despite all taken precautions by us, should nevertheless discover a breach of our security, we request that you notify us as soon as possible via gdpr@iris.be
Automated decision making
We do not use your personal data for automated decision making.
Changes to this privacy statement
Iris may change this Privacy Statement from time to time and without prior notice (last update June 2021). We recommend that you regularly consult this Privacy Statement, in any case when you provide personal data to Iris.
Contact details
If you have any questions about this privacy policy or you are not satisfied with the way in which we handle your personal data or if you wish to exercise one of your rights, please contact us via gdpr@iris.be
If you are not satisfied with our response to a complaint or if you believe that our processing of your personal data does not comply with data protection legislation, you can contact the Data Protection Authority via contact@apd-gba.be